diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index 61bbf064d..24142c923 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -212,6 +212,10 @@ # (optional) Enable or not Nova Placement API binding # Defaults to hiera('nova_placement_enabled', false) # +# [*placement*] +# (optional) Enable or not Placement API binding +# Defaults to hiera('placement_enabled', false) +# # [*nova_metadata*] # (optional) Enable or not Nova metadata binding # Defaults to hiera('nova_api_enabled', false) @@ -463,6 +467,10 @@ # (optional) Specify the network nova_placement is running on. # Defaults to hiera('nova_placement_network', undef) # +# [*placement_network*] +# (optional) Specify the network placement is running on. +# Defaults to hiera('placement_network', undef) +# # [*ec2_api_network*] # (optional) Specify the network ec2_api is running on. # Defaults to hiera('ec2_api_network', undef) @@ -563,6 +571,8 @@ # 'opendaylight_api_port' (Defaults to 8081) # 'panko_api_port' (Defaults to 8977) # 'panko_api_ssl_port' (Defaults to 13977) +# 'placement_port' (Defaults to 8778) +# 'placement_ssl_port' (Defaults to 13778) # 'ovn_nbdb_port' (Defaults to 6641) # 'ovn_nbdb_ssl_port' (Defaults to 13641) # 'ovn_sbdb_port' (Defaults to 6642) @@ -625,6 +635,7 @@ class tripleo::haproxy ( $glance_api = hiera('glance_api_enabled', false), $nova_osapi = hiera('nova_api_enabled', false), $nova_placement = hiera('nova_placement_enabled', false), + $placement = hiera('placement_enabled', false), $nova_metadata = hiera('nova_api_enabled', false), $nova_novncproxy = hiera('nova_vnc_proxy_enabled', false), $ec2_api = hiera('ec2_api_enabled', false), @@ -687,6 +698,7 @@ class tripleo::haproxy ( $nova_novncproxy_network = hiera('nova_vnc_proxy_network', undef), $nova_osapi_network = hiera('nova_api_network', undef), $nova_placement_network = hiera('nova_placement_network', undef), + $placement_network = hiera('placement_network', undef), $octavia_network = hiera('octavia_api_network', undef), $opendaylight_network = hiera('opendaylight_api_network', undef), $openshift_master_network = hiera('openshift_master_network', undef), @@ -753,6 +765,8 @@ class tripleo::haproxy ( openshift_master_ssl_port => 18443, panko_api_port => 8977, panko_api_ssl_port => 13977, + placement_port => 8778, + placement_ssl_port => 13778, ovn_nbdb_port => 6641, ovn_nbdb_ssl_port => 13641, ovn_sbdb_port => 6642, @@ -1058,6 +1072,21 @@ class tripleo::haproxy ( } } + $placement_vip = hiera('placement_vip', $controller_virtual_ip) + if $placement { + ::tripleo::haproxy::endpoint { 'placement': + public_virtual_ip => $public_virtual_ip, + internal_ip => $placement_vip, + service_port => $ports[placement_port], + ip_addresses => hiera('placement_node_ips', $controller_hosts_real), + server_names => hiera('placement_node_names', $controller_hosts_names_real), + mode => 'http', + public_ssl_port => $ports[placement_ssl_port], + service_network => $placement_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), + } + } + if $nova_metadata { ::tripleo::haproxy::endpoint { 'nova_metadata': internal_ip => hiera('nova_metadata_vip', $controller_virtual_ip), diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp index 33a90e7a4..c9a541b60 100644 --- a/manifests/profile/base/database/mysql.pp +++ b/manifests/profile/base/database/mysql.pp @@ -247,6 +247,9 @@ class tripleo::profile::base::database::mysql ( if hiera('nova_placement_enabled', false) { include ::nova::db::mysql_placement } + if hiera('placement_enabled', false) { + include ::placement::db::mysql + } if hiera('octavia_api_enabled', false) { include ::octavia::db::mysql } diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index 1f9fb77d5..9df40eca2 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -393,6 +393,9 @@ class tripleo::profile::base::keystone ( if hiera('nova_placement_enabled', false) { include ::nova::keystone::auth_placement } + if hiera('placement_enabled', false) { + include ::placement::keystone::auth + } if hiera('octavia_api_enabled', false) { include ::octavia::keystone::auth } diff --git a/manifests/profile/base/placement.pp b/manifests/profile/base/placement.pp new file mode 100644 index 000000000..c7d790281 --- /dev/null +++ b/manifests/profile/base/placement.pp @@ -0,0 +1,46 @@ +# Copyright 2018 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::placement +# +# Placement base profile for tripleo +# +# === Parameters +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('nova_api_short_bootstrap_node_name') +# +# [*step*] +# (Optional) The current step of the deployment +# Defaults to hiera('step') + +class tripleo::profile::base::placement ( + $bootstrap_node = hiera('placement_api_short_bootstrap_node_name', undef), + $step = Integer(hiera('step')), +) { + + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + + if $step >= 4 or ($step >= 3 and $sync_db) { + include ::placement + include ::placement::config + include ::placement::logging + include ::placement::db + } +} diff --git a/manifests/profile/base/placement/api.pp b/manifests/profile/base/placement/api.pp new file mode 100644 index 000000000..33b7cd3e7 --- /dev/null +++ b/manifests/profile/base/placement/api.pp @@ -0,0 +1,84 @@ +# Copyright 2018 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::placement::api +# +# Placement API profile for tripleo +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('placement_short_bootstrap_node_name') +# +# [*certificates_specs*] +# (Optional) The specifications to give to certmonger for the certificate(s) +# it will create. +# Example with hiera: +# apache_certificates_specs: +# httpd-internal_api: +# hostname: +# service_certificate: +# service_key: +# principal: "haproxy/" +# Defaults to hiera('apache_certificate_specs', {}). +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*placement_network*] +# (Optional) The network name where the nova placement endpoint is listening on. +# This is set by t-h-t. +# Defaults to hiera('placement_network', undef) +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::placement::api ( + $bootstrap_node = hiera('placement_short_bootstrap_node_name', undef), + $certificates_specs = hiera('apache_certificates_specs', {}), + $enable_internal_tls = hiera('enable_internal_tls', false), + $placement_network = hiera('placement_network', undef), + $step = Integer(hiera('step')), +) { + if $::hostname == downcase($bootstrap_node) { + $is_bootstrap = true + } else { + $is_bootstrap = false + } + + include ::tripleo::profile::base::placement + include ::tripleo::profile::base::placement::authtoken + + if $enable_internal_tls { + if !$placement_network { + fail('placement_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${placement_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${placement_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + + if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { + include ::tripleo::profile::base::apache + class { '::placement::wsgi::apache': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } + } +} + diff --git a/manifests/profile/base/placement/authtoken.pp b/manifests/profile/base/placement/authtoken.pp new file mode 100644 index 000000000..969105a0d --- /dev/null +++ b/manifests/profile/base/placement/authtoken.pp @@ -0,0 +1,44 @@ +# Copyright 2018 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::placement::authtoken +# +# Placement authtoken profile for TripleO +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +# [*memcached_ips*] +# (Optional) Array of ipv4 or ipv6 addresses for memcache. +# Defaults to hiera('memcached_node_ips') +# +class tripleo::profile::base::placement::authtoken ( + $step = Integer(hiera('step')), + $memcached_ips = hiera('memcached_node_ips'), +) { + + if $step >= 3 { + if is_ipv6_address($memcached_ips[0]) { + $memcache_servers = prefix(suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211'), 'inet6:') + } else { + $memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211') + } + + class { '::placement::keystone::authtoken': + memcached_servers => $memcache_servers, + } + } +} diff --git a/spec/classes/tripleo_profile_base_placement_spec.rb b/spec/classes/tripleo_profile_base_placement_spec.rb new file mode 100644 index 000000000..6a4eece4d --- /dev/null +++ b/spec/classes/tripleo_profile_base_placement_spec.rb @@ -0,0 +1,126 @@ +# +# Copyright (C) 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::placement::api' do + shared_examples_for 'tripleo::profile::base::placement::api' do + let(:pre_condition) do + <<-eos + class { '::tripleo::profile::base::placement': + step => #{params[:step]}, + } + class { '::tripleo::profile::base::placement::authtoken': + step => #{params[:step]}, + } +eos + end + + context 'with step less than 3' do + let(:params) { { + :step => 1, + } } + + it { + is_expected.to contain_class('tripleo::profile::base::placement::api') + is_expected.to_not contain_class('placement::keystone::authtoken') + is_expected.to_not contain_class('placement::wsgi::apache') + } + end + + context 'with step less than 3 and internal tls and generate certs' do + let(:params) { { + :step => 1, + :enable_internal_tls => true, + :placement_network => 'bar', + :certificates_specs => { + 'httpd-bar' => { + 'hostname' => 'foo', + 'service_certificate' => '/foo.pem', + 'service_key' => '/foo.key', + }, + } + } } + + it { + is_expected.to contain_class('tripleo::profile::base::placement::api') + is_expected.to_not contain_class('placement::keystone::authtoken') + is_expected.to_not contain_class('placement::wsgi::apache') + } + end + + context 'with step 3 and not bootstrap' do + let(:params) { { + :step => 3, + } } + + it { + is_expected.to contain_class('tripleo::profile::base::placement::api') + is_expected.to contain_class('placement::keystone::authtoken') + is_expected.not_to contain_class('placement::wsgi::apache') + } + end + + context 'with step 3 and bootstrap' do + let(:params) { { + :step => 3, + :bootstrap_node => 'node.example.com' + } } + + it { + is_expected.to contain_class('tripleo::profile::base::placement::api') + is_expected.to contain_class('placement::keystone::authtoken') + is_expected.to contain_class('placement::wsgi::apache') + } + end + + context 'with step 3 and bootstrap with enable_internal_tls and skip generate certs' do + let(:params) { { + :step => 3, + :enable_internal_tls => true, + :placement_network => 'bar', + :bootstrap_node => 'node.example.com', + :certificates_specs => { + 'httpd-bar' => { + 'hostname' => 'foo', + 'service_certificate' => '/foo.pem', + 'service_key' => '/foo.key', + }, + } + + } } + + it { + is_expected.to contain_class('tripleo::profile::base::placement::api') + is_expected.to contain_class('placement::keystone::authtoken') + is_expected.to contain_class('placement::wsgi::apache').with( + :ssl_cert => '/foo.pem', + :ssl_key => '/foo.key') + } + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::placement::api' + end + end +end diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml index ab64760f7..e424cd8cb 100644 --- a/spec/fixtures/hieradata/default.yaml +++ b/spec/fixtures/hieradata/default.yaml @@ -55,6 +55,9 @@ manila_share_short_node_names: nova::rabbit_password: 'password' nova::keystone::authtoken::password: 'password' nova::network::neutron::neutron_password: 'password' +# placement related items +placement::rabbit_password: 'password' +placement::keystone::authtoken::password: 'password' # memcache related items memcached_node_ips_v6: - '::1'